The Impact of PSO Confidentiality and Privilege Protections on the Peer Review Process: What you need to know Michael R. Callahan, Esq. Katten Muchin Rosenman LLPObjectives • Provide overview of patient safety act and PSOs • Discuss scope of PSESs and PSOs • Considerations for design and implementation of a NMH/NMFF PSO • Review of hypothetical peer review and quality scenarios • Next stepsThe Patient Safety Act • Background • Purpose • Who is covered under the Act and what is required • The PSES and reporting to a PSO • Confidentiality and privilege protectionsBackground • Patient Safety and Quality Improvement Act of 2005 (Patient Safety Act) – Signed into law July 29, 2005 • Final rule published November 21, 2008 • Rule took effect January 19, 2009Impetus for the Act • Healthcare workers fear disclosure • State-based peer-review protections are: – Varied – Limited in scope – Not necessarily the same for all healthcare workers – NMH is covered under Medical Studies Act but NMFF is not • No existing federal protections • Data reported within an organization is insufficient, viewed in isolation and not in a standard formatPatient Safety Act Purpose • To encourage the expansion of voluntary, providerdriven initiatives to improve the quality and safety of health care; to promote rapid learning about the underlying causes of risks and harms in the delivery of health care; and to share those findings widely, thus speeding the pace of improvement. – Strategy to accomplish its purpose • Encourage the development of PSOs • Establish strong Federal and greater confidentiality and privilege protections • Facilitate the aggregation of a sufficient number of events in a protected legal environment.Why Participate in a PSO? • Regulatory mandates • Employer and payer demands • Just culture – New Joint Commission Sentinel Event Alert • It’s good businessWhy Participate in a PSO? Regulatory Mandates • Illinois Health Care Adverse Event Reporting Law of 2005 – Implementation this year – Calls for reporting of 24 specific “never” events to the state, along with root cause analysis and corrective action plans – PSO participation will enable learning from experience of others and consultation in developing these mandatory resources – PSO provides fully protected legal frameworkWhy Participate in a PSO? Employer and Payer Demands • Leapfrog Group challenge to all providers: adopt a four-pronged transparency strategy with patients when a “never” event occurs, including: – Apology – Internal root cause analysis – Waiver of related charges – Reporting for learning -can best be met through a PSO • Denial or reduction of reimbursement by payers and PHP initiativesWhy Participate in a PSO? It’s Good Business • Consumer groups and advocates have called for substantially more engagement of the patient and the public in improving healthcare systems • Better and safer care should be more efficient care which costs less in dollars as well as in patient suffering, clinician frustration and unhappiness • Healthcare providers want to provide the best possible care, but at times the fear of disciplinary action and/or liability prevents this. PSO provides a safe environment where providers can learn.Four Sections of the Act • Definitions • Certification process and requirements – Improvement MUST be the primary activity of the PSO • Privilege and confidentiality – Modeled after HIPAA – More stringent State and individual contract provisions are not preempted • EnforcementEnforcement – Confidentiality • Office of Civil Rights • Compliance reviews will occur and penalties of up to $10,000 per incident may apply – Privilege • Adjudicated in the courtsThe Patient Safety Act • Creates independent Patient Safety Organizations (PSOs) that will receive protected data, analyze the data and share recommendations with healthcare providers for improvement • Provides Federal and State legal privilege and confidentiality protections to information that is assembled and reported by providers to a PSO or developed by a PSO to conduct patient safety activities • Limits the use of patient safety information in criminal, civil, and administrative proceedings and imposes monetary penalties for violations of confidentiality or privilege protectionsWho or What Does the Act Cover? • Provides uniform protections against certain disciplinary actions for all healthcare workers and medical staff members • Protects Patient Safety Work Product (PSWP) submitted by providers either directly or through their Patient Safety Evaluation System (PSES) to Patient Safety Organizations (PSOs) • Protects PSWP collected on behalf of providers by PSOs (e.g., root cause analysis, proactive risk assessment)The Patient Safety Act Does Not • Mandate provider participation in a PSO • Make significant error reporting mandatory— defers to states • Preempt stronger state protections • Provide for any federal funding of PSOsLong-Term Goals of the PSA • Encourage the development of PSOs • Foster a culture of safety through strong federal and state confidentiality and privilege protections • Create the Network of Patient Safety Databases (NPSD) to provide an interactive, evidence-based management resource for providers that will receive, analyze, and report on de-identified and aggregated patient safety event information Further accelerating the speed with which solutions can be identified for the risks and hazards associated with patient care through the magnifying effect of data aggregationExpected Results Hospital A Hospital B Long-Term Care Facility A Long-Term Care Facility B Physician Group A Physician Group B Pharmacy A Pharmacy B Home Health Care Agency A Home Health Care Agency B PSWP PSWP PSO New Knowledge Educational Products Collaborative Learning Surgicenters Comparative Reports Source: Katten Muchin Rosenman, LLP, headquartered in Chicago.Essential Terms of the Patient Safety Act • Patient safety evaluation system (PSES) • Patient safety work product (PSWP) • Patient safety organization (PSO)Patient Safety Evaluation System (PSES) • PSES definition • Body that manages the collection, management, or analysis of information for reporting to or by a PSO (CFR Part 3.20 (b)(2)) – Determines which data collected for the PSO is actually sent to the PSO and becomes patient safety work product (PSWP) – PSES analysis to determine which data is sent to the PSO is protected from discovery as PSWPPatient Safety Work Product (PSWP) • PSWP definition – Any data, reports, records, memoranda, analyses (such as root cause analyses [RCA]), or written or oral statements (or copies of any of this material) which could improve patient safety, healthcare quality, or healthcare outcomesPatient Safety Work Product (PSWP) (cont’d) • And that: – Are assembled or developed by a provider for reporting to a PSO and are reported to a PSO, which includes information that is documented as within a PSES for reporting to a PSO, and such documentation includes the date the information entered the PSES; or – Are developed by a PSO for the conduct of patient safety activities; or – Which identify or constitute the deliberations or analysis of, or identify the fact of reporting pursuant to, a PSESWhat is NOT PSWP? • Patient's medical record, billing and discharge information, or any other original patient or provider information • Information that is collected, maintained, or developed separately, or exists separately, from a PSES. Such separate information or a copy thereof reported to a PSO shall not by reason of its reporting be considered PSWP • PSWP assembled or developed by a provider for reporting to a PSO but removed from a PSES and no longer considered PSWP if: – Information has not yet been reported to a PSO; and – Provider documents the act and date of removal of such information from the PSESWho is a Provider Under the Act? • An individual or entity licensed or otherwise authorized under state law to provide healthcare services, including, among others: – Hospital, nursing facility, comprehensive outpatient rehabilitation facility, home health agency, hospice, renal dialysis facility, ambulatory surgery center, pharmacy, physician or healthcare practitioner’s office including a group practice, long-term care facility, behavioral health residential treatment facility, clinical laboratory – Also includes parent organization of organization described aboveWho is a Provider Under the Act? • Physician, PA, RN, nurse practitioner, clinical nurse specialists CRNA, certified nurse midwife, psychologist, certifier social worker, registered dietician or nutrition professional, physical or occupational therapist, pharmacist, or other individual healthcare practitioner • PHOs and IPAs are not a provider under the PSO rulesWhat is Required of a Provider? • Establish and implement a patient safety evaluation system (PSES), that: – Collects data to improve patient safety, healthcare quality, and healthcare outcomes – Reviews data and takes action when needed to mitigate harm or improve care – Analyzes data and makes recommendations to continuously improve patient safety, healthcare quality, and healthcare outcomes – Conducts RCAs, proactive risk assessments, in-depth reviews, and aggregate RCAs – Determines which data will/will not be reported to the PSO – Reports to PSO(s)Event/Incident Reporting Policy • Modify existing policies as needed to reflect the purpose is for reporting is for … – Patient safety, healthcare quality, and outcome improvement – Reporting to a PSO • Include a process (through the PSES) for the removal of incidents from PSES or separate system for … – Disciplinary action – Just culture – Mandatory state reporting – Independent/separate peer reviewQuestions to Answer When Developing PSES Policy • Who or what committee(s) – Collects data that will be reported to a PSO? • Single source or multiple sites? • Single department or organization wide event reporting? – Analyzes data that will be reported to a PSO? – Removes data from PSES prior to reporting to a PSO? – Submits the data from the PSES to the PSO(s)? • Committee or individual authorized submission?Questions to Answer When Developing PSES Policy • What data should be … • Collected to report to a PSO? – Patient safety data, healthcare quality, and outcomes data * Data cannot be used for adverse disciplinary, versus remedial, employment action, mandated state reporting, Joint Committee OPPE/FPPE • Removed from PSES prior to reporting to a PSO? – Criteria based or subjective case-by-case decision making – Peer review information that could lead to disciplinary action • When is data … – Reported to PSES? – Removed from PSES? – Reported to PSO? * Each date must be documentedQuestions to Answer When Developing PSES Policy • Where does data go for analysis within and outside of the organization? • Is the PSO listed by AHRQ? • Will we submit data to component PSO or multiple PSOs?How Does a Provider Determine Which Data Should Be Reported to A PSO? • Criteria-based prioritization – Suggested criteria • Promotes culture of safety/improves care • Impressions/subjective data that is not available in the medical record • Information that could be damaging during litigation • Not required to report elsewhere • Required to report elsewhere, but data for reporting could be obtained from medical record • Data will not be used to make adverse employment decisions Types of Data PSES May Collect and Report to the PSO • Medical error, FMEA or proactive risk assessments, root cause analysis • Outcome/quality—may be practitioner specific, sedation, complications, blood utilization etc. • Peer review • Committee minutes–safety, quality, quality and safety committee of the board, medication, blood, physician peer reviewSteps to PSO Reporting • Inventory data currently collected – Patient safety, quality of care, healthcare outcomes • Prioritize data that will be submitted to a PSO and become PSWP; what data will do the most to support improving the culture of safety • Establish a system for data collection and review – Standardized data collection will both enhance benchmarking comparisons and ultimately comply with AHRQ’s mandate for PSOs to collect standardized data; AHRQ’s “Common Formats” or another common format – Agree to the processes that the PSES will follow to determine PSWP • Create appropriate policies: Event reporting; PSES, PSO reportingInventory of Data to Improve Patient Safety, Healthcare Quality, or Outcomes Indicator Data source Data collected by Reported to Frequency Allegation of abuse Incident reports Staff witness or aware VP Nursing, If confirmed State Board of Nursing Upon occurrence and 3 reports per year Medication errors Incident reports, Medical Record Provider that made the error, Staff witness or aware HSRC, Medication Safety Committee, Harm score I –State adverse event reporting 200 per month Unplanned Returns to Surgery Surgery log, Peer Review worksheets, Medical Record QI Specialist Surgery Peer Review Committee, National Surgical Outcome Project If due to Retained Foreign Object, State adverse reporting 10 per month Source: Katten Muchin Rosenman, LLP, headquartered in Chicago.PSO Reporting Process Professional Standards Committee Professional Standards Committee Medical Executive Committee Medical Executive Committee Medical Staff Quality Management Committee Medical Staff Quality Management Committee Administrative Quality Management Committee Administrative Quality Management Committee DDeeppaarrttmmeenntt//CCoommmmiitttteeee CChhmm Medical Staff Interdisciplinary Department Quality Committees Medical Staff Interdisciplinary Department Quality Committees Functional (Interdisciplinary) Quality Committees Functional (Interdisciplinary) Quality Committees Senior Management and Directors Senior Management and Directors Inter-Disciplinary and Departmental Quality Committees Inter-Disciplinary and Departmental Quality Committees CNE Coordinating Council Practice Comm Education Comm Informatics Comm Quality and Patient Safety CNE Coordinating Council Practice Comm Education Comm Informatics Comm Quality and Patient Safety Clinical Care Evaluation Committee Clinical Care Evaluation Committee Patient Safety Committee Patient Safety Committee PPSSOO Shared members, communications PPSSEESS Source: Katten Muchin Rosenman, LLP, headquartered in Chicago.Typical Severity Analysis ReportTypical Trend ReportsTypical Prevention & Harm Report Low Harm with High ability to Prevent High Harm with Low Opportunity to PreventMandatory Reporting to State Agencies • Providers have flexibility in defining and structuring their PSES, as well as determining what information is to become PSWP and, thus, protected from disclosure – Use information that is not PSWP to fulfill mandatory reporting obligations (e.g., medical records, surgery logs, etc.) – Report subjective incident report data to PSO for protectionsDisclosure of Medical Errors • Disclose to Patient/Family – Objective facts that are also documented in the medical record – Actions taken to prevent harm to another patient • Report to PSO – Event report that contains staffs’ impressions on why this event may have happen – Additional analyses to determine why the event happen – RCA recommendationsMedical Staff Evaluation • Learning and quality improvement – Report to PSO: • Physician specific reports • Findings, Conclusions, Recommendations from individual case peer review • Reappointment/renewal of privileges – Do not report to PSO: • Ongoing professional practice evaluation (OPPE) • Focused professional practice evaluation (FPPE)Physician Evaluation Scenario Provider receives first notice of a claim re: unplanned return to surgery for hemorrhage after tonsillectomy Provider investigates claim under Attorney-Client Privilege Is this an isolated incident or a pattern/trend? Provider collects outcome data on tonsillectomies for reporting to PSO PSO and PSES conduct in-depth review of 15 unplanned returns to surgery—each case is reviewed by a peer and recommendations are given to individual surgeons involved Provider determine that unplanned return to surgery for hemorrhage after tonsillectomy should be on the ENT physicians OPPE and that any surgeon with greater than 3 occurrences in a quarter will go to Focus review. Physician x exceeds threshold. Focus review occurs and privileges removed PSWP Not PSWP Not PSWP Source: Katten Muchin Rosenman, LLP, headquartered in Chicago.Confidentiality and Privilege ProtectionsPatient Safety Work Product • To optimize protection under the Act: – Understand the protections afforded by the Act – Inventory data from all sources to determine what can be protected – Internally define your PSES – Complete appropriate policies on collection, analysis and reporting – Develop component PSO and/or select listed PSOPatient Safety Work Product Privilege • PSWP is privileged and shall not be: – Subject to a federal, state, local, tribal, civil, criminal, or administrative subpoena or order, including a civil or administrative proceeding against a provider – Subject to discovery – Subject to FOIA or other similar law – Admitted as evidence in any federal, state, local, or tribal governmental civil or criminal proceeding, administrative adjudicatory proceeding, including a proceeding against a provider – Admitted in a professional disciplinary proceeding of a professional disciplinary body established or specifically authorized under state law Patient Safety Work Product • Exceptions: – Disclosure of relevant PSWP for use in a criminal proceeding if a court determines, after an in-camera inspection, that PSWP • Contains evidence of a criminal act • Is material to the proceeding • Not reasonably available from any other source – Disclosure through a valid authorization if obtained from each provider prior to disclosure in writing, sufficiently in detail to fairly inform provider of nature and scope of disclosurePatient Safety Work Product Confidentiality • Confidentiality: – PSWP is confidential and not subject to disclosure • Exceptions: – Disclosure of relevant PSWP for use in a criminal proceeding if a court determines after an in camera inspection that PSWP • Contains evidence of a criminal act • Is material to the proceeding • Not reasonably available from any other source – Disclosure through a valid authorization if obtained from each provider prior to disclosure in writing, sufficiently in detail to fairly inform provider of nature and scope of disclosurePatient Safety Work Product Confidentiality • Exceptions (cont’d): – Disclosure to a PSO for patent safety activities – Disclosure to a contractor of a PSO or provider – Disclosure among affiliated providers – Disclosure to another PSO or provider if certain direct identifiers are removed – Disclosure of non-identifiable PSWP – Disclosure for research if by a HIPAA covered entity and contains PHI under some HIPAA exceptions – Disclosure to FDA by provider or entity required to report to the FDA regarding quality, safety, or effectiveness of a FDA-regulated product or activity or contractor acting on behalf of FDAPatient Safety Work Product Confidentiality • Exceptions (cont’d): – Voluntary disclosure to accrediting body by a provider of PSWP but if about a provider who is not making the disclosure provider agrees identifiers are removed • Accrediting body may not further disclose • May not take any accrediting action against provider nor can it require provider to reveal PSO communications – Disclosure for business operations to attorney, accountants, and other professionals who cannot re-disclose – Disclosure to law enforcement relating to an event that constitutes the commission of a crime or if disclosing person reasonably suspects constitutes commission of a crime and is necessary for criminal enforcement purposesInteraction with HIPAA Privacy Regulations • If HIPAA applies, must comply with both HIPAA privacy rule and PSO rule: – PSOs will be business associates of HIPAA-covered entities – Patient safety activities of HIPAA-covered entities deemed health care operations – However, not all providers are HIPAA-covered entities and identifiable PSWP will not always contain PHIInteraction with HIPAA Privacy Regulations • PSWP vs. PHI – Non-identification standard for PSWP confidentiality exception is adapted from HIPAA Privacy Rule de-identification standard – HIPAA requirements for disclosures for Research, (more broadly defined), incorporated by reference as applicable to PSWP – PSWP exception to privilege and confidentiality for law enforcement much narrower – No minimum necessary standard for PSWP, but discloser “strongly” encouraged to consider how much PSWP is necessary – Notwithstanding PSWP confidentiality and privilege protection, disclosures of PSWP permitted to Secretary in order to enforce HIPAA Privacy Rule as well as PSO ruleInteraction of PSO Protections with State Peer Review Protections and Peer Review Activities • Patient Safety Act is the first federal legislation to provide for a federal and state confidentiality and privilege statute for patient safety and peer review • Does it apply to state peer review activities? – In conversations with AHRQ officials the simple answer is Yes, – But. . . . • Why do we care? – Physicians are able to use otherwise confidential peer review information to support federal claims such as antitrust, age, race and sex discrimination, ADA, etc.Interaction of PSO Protections with State Peer Review Protections and Peer Review Activities • Remember, info collected but not yet reported to PSO can be withdrawn and, therefore, will not be considered PSWP but still can be protected under state law • AHRQ representatives acknowledged that “disciplinary proceedings” could be defined under medical staff bylaws as not to include lesser remedial actions such as monitoring, proctoring, consultations, and other actions that do not trigger hearing rights and/or Data Bond reports • Need to clearly define in the bylaws and have accepted by the medical staff • If information collected generally identifies conduct that could give rise to imposition of disciplinary action, information should be removed and documentation of removal should be evidenced if it otherwise would have been reported and considered PSWP Interaction of PSO Protections with State Peer Review Protections and Peer Review Activities • Remember that once it is removed and used for other purposes, it cannot be later reported and treated as PSWP • It is therefore very important to reflect these options and alternative paths in designing peer review procedures and PSES in order to incorporate flexibility and maximum protections under state confidentiality and PSO protections • If you decide to report to PSO, you may have to trigger new reviews that are outside PSES because, except for original records, such as medical records, you will not be able to rely on PSWP to take disciplinary action against the physician • Also, keep in mind that PSWP reported to a PSO cannot be used to defend NMH/MNFF in a negligent credentialing action (Frigo case) or other legal actionPeer Review Hypothetical: Post Op Infections • Ortho group identified as having several post op infections as per screening criteria. • Department of Surgery and Committee on Infection Control and Prevention decide to conduct review of all ortho groups in order to compare practices and results – Data and review collected as part of PSES • Review identifies a number of questionable practices generally, which are not consistent with established infection control protocols – Data and analysis and recommendations eventually reported to PSO • Review also discloses member of targeted ortho group as having other identified issues including: – Total shoulder procedures in elderly patients – Questionable total ankle proceduresHypothetical: Post Op Infections – Untimely response to post op infections • Issues identified are significant enough to trigger thirdparty review • Third-party review identifies and confirms issues that may lead to remedial/corrective action • Decision is made by department chair that physician’s cases need to be monitored for six-month period – Monitoring reveals repeat problems relating to questionable judgment and surgical technique which have resulted in adverse outcomes – Department chair recommends formal corrective actionPhysician-Specific Issues Outside Review Department Imposes Monitoring Monitoring Identifies New Cases Formal Corrective Action General Issues Dept. of Surgery/Committee on Infection Control and Prevention Dept. of Surgery/Committee on Infection Control and Prevention Medical Staff Quality Management Committee Medical Staff Quality Management Committee Professional Standards Committee Professional Standards Committee PPSSOOAdministrative Quality Management Committee Administrative Quality MMEECC Management Committee PSES Source: Katten Muchin Rosenman, LLP, headquartered in Chicago. Hypothetical: Ortho Post Op Infections

Latest Posts

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

"My best business intelligence, in one easy email…"

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Privacy Policy (Updated: October 8, 2015):

hide

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.

Security

JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.